From: Jan Rękorajski <baggins@pld-linux.org>
Date: Tue, 27 Mar 2007 15:43:42 +0000 (+0000)
Subject: - uniformized configs to use system-auth where possible
X-Git-Tag: auto/th/pwdutils-3_1_3-3
X-Git-Url: https://git.pld-linux.org/?a=commitdiff_plain;h=3d1aa89b871e580b83bfacd2b1b0e23c2f4f7051;p=packages%2Fopenssh.git

- uniformized configs to use system-auth where possible
- sanitized
- uniform blacklist for pop3, imap and smtp services

Changed files:
    opensshd.pamd -> 1.7
    passwd.pamd -> 1.6
---

diff --git a/opensshd.pamd b/opensshd.pamd
index d33b2b2..5295659 100644
--- a/opensshd.pamd
+++ b/opensshd.pamd
@@ -1,17 +1,11 @@
 #%PAM-1.0
-auth		required	pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed
 auth		required	pam_listfile.so item=user sense=deny file=/etc/security/blacklist.sshd onerr=succeed
-auth		required	pam_unix.so
-auth		required	pam_tally.so deny=0 file=/var/log/faillog onerr=succeed
-auth		required	pam_shells.so
-auth		required	pam_nologin.so
-account		required	pam_tally.so file=/var/log/faillog onerr=succeed
+auth		include		system-auth
+account		required	pam_shells.so
+account		required	pam_nologin.so
 account		required 	pam_access.so
-account		required	pam_unix.so
-password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
-password	required	pam_unix.so md5 shadow use_authtok
-password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/db
-session		required	pam_unix.so
-session		required	pam_env.so
-session		required	pam_limits.so change_uid
-session		optional	pam_mail.so standard
+account		include		system-auth
+password	include		system-auth
+session		optional	pam_keyinit.so force revoke
+session		include		system-auth
+session		optional	pam_mail.so
diff --git a/passwd.pamd b/passwd.pamd
index 4ec1f37..6a4fd03 100644
--- a/passwd.pamd
+++ b/passwd.pamd
@@ -1,9 +1,5 @@
 #%PAM-1.0
-auth		required	pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed
 auth		required	pam_listfile.so item=user sense=deny file=/etc/security/blacklist.passwd onerr=succeed
-auth		required	pam_unix.so
-account		required	pam_unix.so
-# password      [success=1 ignore=reset abort=die default=bad] pam_pwgen.so upper=1 digit=1
-password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
-password	required	pam_unix.so md5 shadow use_authtok
-password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/db
+auth		include		system-auth
+account		include		system-auth
+password	include		system-auth